Major malware problem that will not go away


AndyUK
I have been suffering from malware (or a virus?) for some time now and it is driving me mad. Initially it started with me opening my browser, in which another browser would open and go to some ad site. Then when I went to any site (legitimate ones like a news site, for example) a new browser would open, taking me again to some odd ad site. This happened for a few weeks; I ran my anti-virus and kept on getting nothing, or it would pick up something, isolate/heal/delete it etc., but still the problem persisted. Then things started getting worse. Whenever I clicked on my username to log on, I would just get a blue screen, so I either restarted my computer or had to use Ctrl+Alt+Delete to log off and log on again. After finding this “fix” to that problem, a couple of days later suddenly my task bar/desktop and general features (Windows boxes etc.) morphed into some Windows Classic/XP hybrid. Then my internet would stop connecting: “no wireless connection is found”. There are other computers in the house which are connected to our wireless network and they work fine; it is only mine that is affected. Thus I resorted to the “fix” of having to restart a dozen times or so till I get a connection.

Then when everything is going "fine and dandy" (after dozens of restarts to get a connection + having the Windows Classic look) bam! The computer randomly restarts (thus I repeat the above “fix”). It is like I am playing a game of cat and mouse with my PC/malware/virus or whatever it is that is ruining my computer. In my attempt to solve this myself I downloaded anti-malware software etc., ran the scan, malware detected and removed, and I even get my Windows XP look back. Problem solved? NO. I restart my PC and everything goes back to the malware state.
I download another anti-malware program, malware removed, problem "solved", restart the computer and the malware is back. I have run repeated anti-virus scans as well and the same thing happens: it detects something (or in other cases nothing), I get rid of it, restart and I am back to the virus/malware situation. I ran the Windows Live OneCare scanner and it detected 6 items + 6 issues, of which it cured only 3 of each.

Please help me! I just want my computer back! (Currently I have done the “fix” for the computer, as above, and am afraid to turn it off/restart.)
Many thanks!

DDS log below (I am not sure if the second log "attach" is wanted, nor do I know how to zip it):

DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 4:33:40.79 on 28/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.62 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\firewa~1.lnk - c:\windows\system32\net.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://207.226.177.98/gba1402.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli scfcder.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-5 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-5 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-26 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-21 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-21 5897808]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-29 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-29 235120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-5 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-5 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-5 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-5 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-29 87664]

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-28 03:33:21 26490195 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-21 16:26:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:20:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-30 23:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 23:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

============= FINISH: 4:38:32.59 ===============
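
The DDS report above is the raw material a helper triages by eye: services whose binary DDS could not locate (the `--> ... [?]` form), services that borrow a Windows display name but run a stand-alone .exe from system32, a non-default LSA notification package, an ActiveX (DPF) download from a bare IP address, and a hosts-file entry pinning a security site to loopback. The script below is an added example, not part of the original thread or of the DDS tool, that applies those same heuristics mechanically to lines copied from the posted log. The XP baselines it assumes (only `scecli` as an LSA package; Task Scheduler and WIA hosted in svchost.exe) are stated as assumptions in the code; the output is a list of entries worth a closer look, not a malware verdict.

```python
"""Heuristic triage of DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example, not part of the original thread or the DDS tool. The rules
flag entries worth a closer look; they are not malware verdicts.
"""
import re

# Assumption: a stock Windows XP install registers only scecli as an LSA
# notification package. Anything else is loaded into lsass.exe.
BASELINE_LSA_PACKAGES = {"scecli"}

# Assumption: on XP these display names belong to services hosted inside
# svchost.exe. A service borrowing the name but running its own .exe is odd.
SVCHOST_HOSTED_NAMES = ("Task Scheduler", "Windows Image Acquisition")

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
DPF_RE = re.compile(r"^DPF:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(\S+)")
LSA_RE = re.compile(r"^LSA:\s+Notification Packages\s*=\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# DDS defangs http as hxxp; accept both spellings.
BARE_IP_URL_RE = re.compile(r"^h(?:xx|tt)ps?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.I)

# Lines copied from the DDS log posted above (not constructed).
SAMPLE = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-26 64288]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://207.226.177.98/gba1402.exe
LSA: Notification Packages = scecli scfcder.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""


def triage_dds(text):
    """Return (rule, entry, reason) tuples for every line that trips a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            _start, name, display, rest = m.groups()
            # "<registry path> --> <resolved path> [?]" means DDS could not
            # find or size the binary; the left side is what the registry says.
            image = rest.split(" --> ")[0].strip()
            if "[?]" in rest:
                findings.append(("unverified-image", name,
                                 "binary not found/verified on disk: " + image))
            if display.startswith(SVCHOST_HOSTED_NAMES) and "svchost.exe" not in image.lower():
                findings.append(("impersonated-service", name,
                                 "display name mimics an svchost-hosted Windows service; image is " + image))
            continue

        m = DPF_RE.match(line)
        if m:
            url = m.group(1)
            if BARE_IP_URL_RE.match(url):
                findings.append(("dpf-bare-ip", url, "ActiveX package fetched from a raw IP address"))
            if url.lower().endswith(".exe"):
                findings.append(("dpf-executable", url, "DPF entry points at an .exe instead of a .cab"))
            continue

        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if re.sub(r"\.dll$", "", pkg, flags=re.I).lower() not in BASELINE_LSA_PACKAGES:
                    findings.append(("lsa-notification-package", pkg,
                                     "non-baseline DLL loaded into lsass.exe; sees plaintext passwords on change"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            # Ad-blocking hosts files do this legitimately; pinning security
            # vendors' sites to loopback is also a common malware tactic.
            if addr in ("127.0.0.1", "0.0.0.0") and host.lower() != "localhost":
                findings.append(("hosts-redirect", host, "remote hostname pinned to the loopback address"))
    return findings


if __name__ == "__main__":
    for rule, entry, reason in triage_dds(SAMPLE):
        print(f"{rule:26} {entry:45} {reason}")
```

Run against the sample, the Lbd, gupdate and WinDefend services and the Java DPF entry pass silently, while the three `[?]` services, the two services using Windows display names with their own system32 binaries, the raw-IP .exe DPF entry, the extra LSA package and the hosts entry are each listed once per rule they trip. The helper still has to confirm each hit (GMER, file hashes, vendor lookup) before anything is removed.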
 
Hi.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

To make cleaning this machine easier:

  • Continue to respond to this thread until I tell you that the logs are clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.


Please post the second log in your next reply just as you did with the first log in your previous post.
 
Hi Victor,

Here is the second log:

(Also, do I delete the DDS program entirely or do I keep it? The instructions say to delete it from the desktop, but I still have it installed.)

--------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/08/2004 20:52:53
System Uptime: 26/06/2010 18:37:09 (34 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 9.223 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 127.191 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2096: 05/06/2010 06:18:25 - Avg Update
RP2097: 06/06/2010 01:03:04 - Installed Adobe Photoshop CS2
RP2098: 08/06/2010 16:03:33 - System Checkpoint
RP2099: 08/06/2010 23:18:39 - System Checkpoint
RP2100: 09/06/2010 23:57:01 - System Checkpoint
RP2101: 11/06/2010 19:32:59 - System Checkpoint
RP2102: 14/06/2010 15:20:05 - System Checkpoint
RP2103: 15/06/2010 17:07:14 - System Checkpoint
RP2104: 18/06/2010 21:56:42 - System Checkpoint
RP2105: 20/06/2010 00:59:54 - System Checkpoint
RP2106: 20/06/2010 04:52:07 - Spybot-S&D Spyware removal
RP2107: 21/06/2010 17:18:57 - Avg Update
RP2108: 21/06/2010 17:27:01 - Avg Update
RP2109: 21/06/2010 22:55:22 - Cleaned registry with Windows Live OneCare safety scanner
RP2110: 23/06/2010 06:36:17 - System Checkpoint
RP2111: 24/06/2010 09:00:51 - System Checkpoint
RP2112: 25/06/2010 09:06:20 - System Checkpoint
RP2113: 25/06/2010 13:14:21 - Installed Windows Defender
RP2114: 26/06/2010 13:27:24 - System Checkpoint
RP2115: 26/06/2010 16:58:31 - Cleaned registry with Windows Live OneCare safety scanner
RP2116: 26/06/2010 18:11:22 - Software Distribution Service 3.0
RP2117: 27/06/2010 21:22:04 - System Checkpoint

==== Installed Programs ======================


Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware SE Personal
Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java 2 Runtime Environment, SE v1.4.2_01
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

==== Event Viewer Messages From Past Week ========

26/06/2010 02:32:17, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.8 did not allow the name to be claimed by this machine.
26/06/2010 01:11:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Sony TV Tuner Manager with arguments "-Service" in order to run the server: {C6FA1982-15D6-41CB-81F7-780F3B83C5A2}
25/06/2010 04:51:49, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.6 did not allow the name to be claimed by this machine.
24/06/2010 19:01:46, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
24/06/2010 19:01:46, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
 
I'm sorry about the delay. I hope to post my set of instructions for you within the next 24 hours.
 
Please do not delete DDS or any other tool downloaded during the fix until the computer is clean.


You may want to print out or save these instructions to a file, since you will not be connected to the internet in Safe Mode:

Please download GMER Rootkit Scanner from Here, save it to your desktop and note the filename (don't change the suggested random name!). Do not run the program yet.


Which anti malware programs did you try? Ad-Aware, Hitman Pro, Malwarebytes' Anti Malware, Windows Defender?

If you tried Malwarebytes' Anti Malware, please post the most recent log:
  • Start MBAM... click the Logs tab at the top.
    The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
  • Click on the most recent log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
  • Please copy and paste the entire contents of the file in your next reply.
  • Exit MBAM when done.


Multiple firewalls

Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall will provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources.

I recommend that you uninstall one of the firewalls, i.e. Sunbelt Personal Firewall. To uninstall go to: Start -> Control Panel -> Add or Remove Programs.

Note: Please do not reboot your computer after the uninstall.


Uninstall misc programs

Out-of-date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it.

Please uninstall Spybot Search and Destroy to avoid any conflicts with the tools we are going to use. I will include instructions to reinstall later.


Java 2 Runtime Environment, SE v1.4.2_01
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3



  • If you have closed Add or Remove Programs, click on Start -> Control Panel -> Add or Remove Programs.
  • Uninstall the programs listed above. Please postpone any reboots.


Instructions to reboot your computer.

Please reboot your computer normally to check if the firewall uninstall solved any problems. If there's still lots of trouble, start your computer in safe mode and follow the rest of the instructions in this post.

To start the computer in safe mode:

  • During startup, but before the Windows logo appears, tap the F5/F8 key continually or hold down the Shift key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • When asked to proceed to safe mode, click Yes.
  • Make sure AVG is disabled, then follow the GMER instructions as described below.
  • When finished, reboot the computer normally to post the results.


Disable AVG

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


GMER

  • Double click the GMER .exe file. If asked to allow gmer's ".sys" driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it


  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

If GMER crashes, please try the scan in safe mode (if not already there).


DDS

There should still be a copy of DDS on your desktop. If not, please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop

Link1
Link2
Link3 <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on the dds icon, a command window will appear. This is normal.
  • Two logs will appear when the scan is finished:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


You can now enable AVG


When ready, please post (you can use more than one post):
  • the answer to any questions
  • the MBAM log
  • the GMER log
  • the dds logs
  • did any problems occur while following the instructions?
 
Sorry to raise this concern about the firewall issue before i proceed:

My AVG anti-virus & the firewall that comes with it are from the AVG-30 day trial, which is about to expire within 24 hours. I had the AVG free (as a virus scan tool) for a while but when this problem started I decided to update the version (in hopes of solving this) as a result I got the full 30 day free trial. (Sunbelt served as my firewall).

I am going to lose the AVG firewall pretty soon.
Should I disable the AVG firewall instead?
 
Yes, instead of uninstalling Sunbelt Personal Firewall, you can disable AVG Firewall. If you need instructions, here they are:

  • Open the AVG User Interface.
  • Double click on the Firewall component.
  • Choose the Firewall disabled option.
  • Confirm changes by clicking on the Save changes button.
    Postpone any reboots.


Then follow the rest of the instructions in my previous post. :)
 
I ran all 4 anti-malware programs. Ad-Aware did not detect anything, and neither did Windows Defender. Hitman Pro and Malwarebytes' Anti Malware did.

Malwarebytes' Anti Malware log: this is the first scan I ran, which detected malware; the subsequent scans I ran (3 more) did not detect anything.

This is the first scan:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/06/2010 04:15:44
mbam-log-2010-06-25 (04-15-44).txt

Scan type: Quick scan
Objects scanned: 140691
Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\OWNER\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.


-------------------------------

This is the latest scan:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/06/2010 12:22:42
mbam-log-2010-06-25 (12-22-42).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 252383
Time elapsed: 1 hour(s), 30 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER does not seem to work.

When I first tried it I received a Blue Screen error causing my computer to re-start.

I tried it again and the same happened, but after an hour-2hours.

Tried it a third time and I received the 1x0006 error message (I think that is what it is called, but with more numbers) with GMER shutting down.

I ran GMER in Safe Mode and it worked without crashing however the scan did not work properly, well at least the data did not collect into the GMER programme.

Another issue I have with GMER is that as soon as I open it, it runs a super fast scan, before I can carry out the instructions you gave and start a proper scan; attempts to cancel that "super fast start up scan" cause GMER to shut down/freeze.

After running GMER in Safe Mode these are the "results" (only of the super fast start scan), even though the bar at the bottom showed scanning taking place and finished. (When I ran GMER in normal mode results/data did collect, however my pc would crash with the Blue Screen error or a different error message causing GMER to shut down).

The scan in normal and safe mode took hours to only have it crash in normal mode and get nothing in Safe Mode. :confused:

These are the only "results" I could get (of the super fast start scan):

1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-04 21:28:57
Windows 5.1.2600 Service Pack 3
Running: z330km67.exe; Driver: C:\DOCUME~1\OWNER\LOCALS~1\Temp\awldypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF81B5F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF81B5552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF81B1882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF81B4A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF81B4910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF81B4F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF81B6034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF81B1D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF81B1E70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF81B5906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF81B1B78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF81B50DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF81B5CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF81B2038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF81B5BB2]

---- EOF - GMER 1.0.15 ----
 
Also it seems that (thus far) when I re-start my computer the desktop/appearance does not revert back to classic style and I can connect to the internet easily, which was one of the problems I had earlier as mentioned in my first post.

The last anti-malware scan i ran was the Hit-man pro scan (on 26th June) which detected malware (before I came to these forums). After re-booting my pc following that scan I was able to re-set my desktop/appearance settings to XP and get an internet connection without a problem (and then I found these forums).

I only re-started my computer (first time in over a week) after following your instructions on uninstalling the programs you mentioned.

I did not want to shut down/re-start earlier in fear of losing my connection. So this was unexpected.

So now it seems I do not have a problem re-booting my computer nor losing connection (for now I have to say, as with these treacherous malware anything is possible and I know I am not out of the woods and not fully clean, as Malwarebytes, which I ran before Hitman Pro, did not detect what Hitman Pro did).

Every time I re-start my pc (as I had to with the GMER problems) Hitman Pro automatically starts a malware scan (which I cancel). Yet, despite cancelling, each time it does detect two traces for proxy servers stating “Internet explorer is using a proxy to connect to the internet”. Is that normal, as in that is the manner my wireless works which is being detected, or something else?

Furthermore when I started in safe mode (for the GMER scan) my desktop had reverted to the classic look with the screen resolution changing to 800 by 600 pixels not the setting I have of 1024 by 768 pixels, is that normal for safe mode?
 
It is normal with the classic look and lower screen resolution in safe mode.

The default setting of Hitman Pro is to scan at every reboot; this can be deactivated and is not a sign of infection. In general using a wireless network would not require the use of a proxy server. You can try to reset the proxy settings. To do this:

For Internet Explorer: Click the Tools menu -> Internet Options -> Connections tab -> Lan Settings -> uncheck "use a proxy server" and check to "Automatically detect settings". Click OK and reboot the computer.


The MBAM scan log shows traces of the Win32/ZBOT infection.

You can see from the MS description - unfortunately it's not good:

Win32/Zbot is a family of password stealing trojans. Win32/Zbot also contains backdoor functionality that allows unauthorized access and control of an affected machine.
Due to the functionality of this type of malware, it's impossible to tell what may have been done when the system was compromised. Once infected with this type of infection, the best course of action is to reformat and reinstall Windows. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

  • If you have used this computer for shopping, banking, or other transactions, it would be wise to:
    Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  • From a known clean computer, change ALL your online passwords -- ISP login password, your email address(es) passwords, banks, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password.

I can attempt to carry on cleaning this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.
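As an added example (not from the thread and not a Malwarebytes tool), here is a small Python triage script for MBAM 1.x logs in the plain-text layout posted above. It assumes that layout (summary counts, then per-section detection lines) and uses a risk mapping of its own, chosen to mirror the reasoning above that backdoor and stolen-data traces make cleanup alone unreliable.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs (added example,
not a Malwarebytes tool): parses the plain-text layout posted in this thread
and flags families that point to credential theft or remote control."""
import re
from collections import Counter

# Constructed, abbreviated copy of the first MBAM log in the thread: only a
# few detection lines are kept and the summary counts are adjusted to match.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Database version: 4236

Scan type: Quick scan
Objects scanned: 140691

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\OWNER\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
"""

# A summary line carries a count ("Registry Keys Infected: 3"); the list header
# for the same section has none ("Registry Keys Infected:").
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?:\s+(?P<count>\d+))?\s*$")
# One detection line: "<item> (<Threat.Family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Triage tiers by family-name prefix: an assumption for this example, not a
# Malwarebytes severity scheme. Backdoors and stolen-data traces mean the box
# may have been remote-controlled or had credentials harvested.
HIGH_RISK_PREFIXES = ("Backdoor.", "Stolen.", "Trojan.", "Security.Hijack")
REBUILD_PREFIXES = ("Backdoor.", "Stolen.")


def parse_mbam_log(text):
    """Return header metadata, per-section summary counts and detection records."""
    result = {"meta": {}, "summary": {}, "detections": []}
    section = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m and m.group("count") is not None:
            result["summary"][m.group("section")] = int(m.group("count"))
        elif m:
            section = m.group("section")  # start of a detection list
        elif section is None and ": " in line:
            key, _, value = line.partition(": ")  # e.g. "Scan type: Quick scan"
            result["meta"][key] = value
        elif section is not None:
            d = DETECTION_RE.match(line)
            if d:
                result["detections"].append(dict(d.groupdict(), section=section))
    return result


def triage(parsed):
    """Summarise families, flag high-risk ones and cross-check summary counts."""
    families = Counter(d["threat"] for d in parsed["detections"])
    high_risk = sorted(f for f in families if f.startswith(HIGH_RISK_PREFIXES))
    # A section whose stated count disagrees with the lines parsed is usually a
    # truncated paste, so the helper should ask for the complete log.
    seen = Counter(d["section"] for d in parsed["detections"])
    mismatches = {s: (n, seen[s]) for s, n in parsed["summary"].items() if n != seen[s]}
    return {
        "families": dict(families),
        "high_risk": high_risk,
        "recommend_rebuild": any(f.startswith(REBUILD_PREFIXES) for f in high_risk),
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    print("families:", report["families"])
    print("high-risk:", report["high_risk"], "rebuild:", report["recommend_rebuild"])
    print("summary/detail mismatches:", report["count_mismatches"] or "none")
```

Running it on the full log posted earlier in the thread gives the same verdict (Backdoor.Bot and Stolen.data present); on the later clean log every section parses to zero and nothing is flagged.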
 
That's terrifying.

Has the Win32/ZBOT infection been removed from my PC? Or is it still around?

Does the Malwarebytes log say when I was infected?

Because I do not use this computer for transactions often (the last time I did it was last October/November 2009 and only because I had to). I am averse to online transactions and hate doing them, so I try and avoid them as much as I can.

Credit card details and financial details I never keep on this pc (though I have saved online receipts mostly as Paint documents, from print screen; are they at risk?).

I have passwords etc. for various logins/emails stored in a Word document. Is this also infected/may have been infected? (Changing them is not much of a problem for me). Thus far I do not think I have been hacked or compromised on online sites etc. If I change the details from a clean computer and access them from this one, will that lead to them being compromised again?


And I would like to keep cleaning my system, if that can be done (unfortunately GMER does not work; is it because of malware that it is being blocked?).
 
Out of curiosity, why did my PC revert back to a classic look and why did I have difficulty getting an internet connection? Was that the malware messing around with my system?
 
Sorry to ask again, but are word and paint documents at risk, can they be compromised by Win32/malware/trojans? Can they access data/info from them?
 
AndyUK said:
Sorry to ask again
Don't worry about the number of questions. I will try my best to answer them.

Does the Malwarebytes log say when i was infected?
No, however we might find out by further investigation.

unfortunately GMER does not work
This is usually a sign of infection.

If I change the details from a clean computer and access them from this one, will that lead to them being compromised again?
We do not know which infections might still be active on this computer, and using any passwords on it might compromise them again.

I will try my best to answer the remaining questions during the investigation and cleanup over the next posts.


Uninstall misc programs

Please uninstall these to avoid any conflicts with the removal process.


Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware SE Personal
Windows Defender


  • Open Add/remove programs. Click on Start -> Control Panel -> Add or Remove Programs.
  • Uninstall the programs listed above (if found).

It appears to me that you don't use Norton Internet Security anymore (expired?). If so please also uninstall these:

LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update



Hitman Pro

  • Open Hitman Pro
  • Click Settings, then uncheck the option to Scan computer daily during startup
  • Click History to view the quarantine
  • Please post filename, path and type of the threat(s) Hitman Pro has previously detected (no tracking cookies please).


Re-run DDS

There should still be a copy of DDS on your desktop. If not, please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop

Link1
Link2
Link3 <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on the dds icon, a command window will appear. This is normal.
  • Two logs will appear when the scan is finished:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


When ready, please post (you can use more than one post):
  • the information from Hitman Pro
  • the DDS logs
  • did any problems occur while following the instructions?
 
Hello...

It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having any trouble uninstalling the requested software? If so then tell me, I can find a solution to the problem.

Just let me know what's going on otherwise... After 24 hrs., if you have not replied to this thread... it will be closed!

Please post back even if you do not wish to continue.
 
Hi Victor,

I deeply apologise for not replying.
I had to go to hospital for a family-related matter, which is why I did not respond; it was unexpected, otherwise I would have posted something.

I greatly appreciate your time and effort in assisting me and do wish to continue.
 
This is the Hitman pro log:

File Name: RDPCDD.sys

Path: C:\WINDOWS\Systems32\DRIVERS

Type: Malware

Deleted
(Sat 26th June 2010 06:43)

It is the only one which was detected (other than cookies).
 
DDS log part 1:


DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 18:01:32.60 on 08/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.76 [GMT 1:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\firewa~1.lnk - c:\windows\system32\net.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://207.226.177.98/gba1402.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scfcder.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-5 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-5 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-21 2331032]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-29 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-29 235120]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-5 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-5 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-5 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-21 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-5 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-29 87664]

=============== Created Last 30 ================

2010-06-26 06:41:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:43:50 378 ----a-w- c:\windows\system32\.crusader
2010-06-26 05:36:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-26 05:35:51 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24:36 0 d-----w- c:\windows\system32\NtmsData
2010-06-26 00:04:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 02:53:05 0 d-----w- c:\docume~1\OWNER\applic~1\Malwarebytes
2010-06-25 02:52:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 02:52:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04:36 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-23 23:04:42 0 d-----w- c:\program files\Bonjour
2010-06-21 16:25:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-08 16:30:34 27032444 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-21 16:26:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-05 04:55:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 18:03:06.82 ===============
 
DDS log part 2:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/08/2004 20:52:53
System Uptime: 07/08/2010 17:54:33 (-719 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 9.129 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 126.956 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2096: 05/06/2010 06:18:25 - Avg Update
RP2097: 06/06/2010 01:03:04 - Installed Adobe Photoshop CS2
RP2098: 08/06/2010 16:03:33 - System Checkpoint
RP2099: 08/06/2010 23:18:39 - System Checkpoint
RP2100: 09/06/2010 23:57:01 - System Checkpoint
RP2101: 11/06/2010 19:32:59 - System Checkpoint
RP2102: 14/06/2010 15:20:05 - System Checkpoint
RP2103: 15/06/2010 17:07:14 - System Checkpoint
RP2104: 18/06/2010 21:56:42 - System Checkpoint
RP2105: 20/06/2010 00:59:54 - System Checkpoint
RP2106: 20/06/2010 04:52:07 - Spybot-S&D Spyware removal
RP2107: 21/06/2010 17:18:57 - Avg Update
RP2108: 21/06/2010 17:27:01 - Avg Update
RP2109: 21/06/2010 22:55:22 - Cleaned registry with Windows Live OneCare safety scanner
RP2110: 23/06/2010 06:36:17 - System Checkpoint
RP2111: 24/06/2010 09:00:51 - System Checkpoint
RP2112: 25/06/2010 09:06:20 - System Checkpoint
RP2113: 25/06/2010 13:14:21 - Installed Windows Defender
RP2114: 26/06/2010 13:27:24 - System Checkpoint
RP2115: 26/06/2010 16:58:31 - Cleaned registry with Windows Live OneCare safety scanner
RP2116: 26/06/2010 18:11:22 - Software Distribution Service 3.0
RP2117: 27/06/2010 21:22:04 - System Checkpoint
RP2118: 28/06/2010 22:18:04 - System Checkpoint
RP2119: 29/06/2010 09:29:43 - Avg Update
RP2120: 29/06/2010 09:32:29 - Avg Update
RP2121: 30/06/2010 09:32:45 - System Checkpoint
RP2122: 01/07/2010 09:56:45 - System Checkpoint
RP2123: 02/07/2010 10:20:47 - System Checkpoint
RP2124: 03/07/2010 10:56:44 - System Checkpoint
RP2125: 04/07/2010 04:04:44 - Removed Java 2 Runtime Environment, SE v1.4.2_01
RP2126: 04/07/2010 04:06:25 - Removed Java(TM) 6 Update 3
RP2127: 04/07/2010 04:07:27 - Removed Java(TM) 6 Update 5
RP2128: 05/07/2010 05:57:12 - System Checkpoint
RP2129: 06/07/2010 15:20:13 - System Checkpoint
RP2130: 07/07/2010 15:58:50 - System Checkpoint
RP2131: 08/07/2010 17:49:24 - Removed Windows Defender
RP2132: 08/07/2010 17:52:13 - Removed Norton WMI Update

==== Installed Programs ======================


Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

==== Event Viewer Messages From Past Week ========

08/07/2010 16:07:59, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001150C38F2E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
05/07/2010 12:51:50, error: System Error [1003] - Error code 00000050, parameter1 fa227000, parameter2 00000000, parameter3 b0270fec, parameter4 00000000.
04/07/2010 16:13:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/07/2010 10:51:09, error: System Error [1003] - Error code 00000050, parameter1 fb7535e8, parameter2 00000000, parameter3 b05d1d3d, parameter4 00000000.
04/07/2010 05:29:42, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CAROLLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{88F0FC77-B540-40. The master browser is stopping or an election is being forced.
04/07/2010 05:14:00, error: System Error [1003] - Error code 00000050, parameter1 f8db8008, parameter2 00000000, parameter3 b07b453e, parameter4 00000000.
04/07/2010 04:53:07, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.8 did not allow the name to be claimed by this machine.

==== End Of File ===========================
 